_-_ Posted December 4, 2017 (edited). Edited May 31, 2019 by danielhday

Grazza Posted December 4, 2017

1 hour ago, danielhday said:
> websites ... downloaded ... files ... without my permission

You should never ever ever ever allow this to happen. Something is badly wrong if it does.

Nevander Posted December 4, 2017

Kinda related, I keep seeing an .xpi file appear in my Temp folder in AppData randomly. I think uBlock is doing it but I'm not sure.

geo Posted December 4, 2017

I know imgur has ads that keep hijacking the browser to tell me it needs a javascript update that pops up. I'm fine with seeing ads, but that in particular feels like a great reason to use adblock.

129thVisplane Posted December 4, 2017

One time I was screwing around on a throwaway VM trying to find some obscure file on shady af sites, but quickly noped out and force shut the VM down when a drive-by-downloaded file with a .rar.png extension leaked into my main and triggered an alert in my AV. That was fun.

Maes Posted December 4, 2017 (edited)

5 hours ago, Grazza said:
> You should never ever ever ever allow this to happen. Something is badly wrong if it does.

Just like everything security-related, preventing drive-by downloads is a constant arms-race between those that have a vested interest in them occurring, and those patching security holes. Even if existing ones are patched, with new browsers and new extensions/technologies, others will open.

Hell, we're almost in 2018 and still there's no definitive way for preventing unwanted popups. Pop-Up blockers exist, sure, but so do pop-up blocker workarounds, and counters against those workarounds, and counter-counters etc. As I said before, it's an ongoing arms-race.

It wasn't until 2016-2017 that most browsers added a way to prevent at least Javascript dialog popups, with a checkbox to prevent further ones from a specific page, and a keyboard shortcut (ESC) to close them when a page tried to hide the "OK" button from the user with a wall of ominous/threatening text ("YOUR COMPUTER HAS BEEN LOCKED * YOUR COMPUTER HAS BEEN LOCKED" etc.).

Looots of fun with the ambiguous "Leave this page", "Stay on this page", etc. dialogs ;-) I think it was in 2015 or so when FINALLY, browsers disabled the ability for user code to modify the text on these buttons, which were used to con/threaten users into not leaving some shitty scammer's page.

Edited December 4, 2017 by Maes

UglyStru Posted December 4, 2017

3 hours ago, 129thVisplane said:
> One time I was screwing around on a throwaway VM trying to find some obscure file on shady af sites, but quickly noped out and force shut the VM down when a drive-by-downloaded file with a .rar.png extension leaked into my main and triggered an alert in my AV. That was fun.

I've always wanted to do some malware analysis, but this is my #1 fear.

Maes Posted December 4, 2017 (edited)

Funnily enough, some (most?) malware has safeguards against running inside VMs, exactly to prevent being analyzed, so that would make VMs, in theory, the safest choice for executing pretty much anything.

If one takes this reasoning further though, what prevents the "real" OS from posing as a VM, in order to shut down some malware? And, on the converse, what if malware authors reason that this precaution isn't worth the loss of potential victims, and abandon it altogether?

Now, if some went even beyond that and managed to "punch through" VMs, well, hats off. O_o

Edit: well, apparently there is malware that can not only detect it's running inside a VM, but also exploit specific vulnerabilities and "break free", rather than trying to keep "under the radar".

https://security.stackexchange.com/questions/9011/does-a-virtual-machine-stop-malware-from-doing-harm

Arms race, as I said. Still, it's amazing the lengths malware authors will go in order to make your day miserable, although making particularly obvious/destructive malware like the viruses of yore is not the primary goal today: it's more about spreading silently, securing your grip on the system and gaining control on demand.

Edited December 4, 2017 by Maes